Security is something the communications industry historically has never taken all that seriously. Some might argue with this statement, but the fact is, the communications industry didn't need to take it seriously until more recently. In the old way, almost all communications tools were deployed on premises and most systems were meant to only talk to people within our own organizations, which most believe to be a secure environment. The only communications tool that was used broadly to communicate with people outside the company was voice, but the PSTN was a closed network. Even with IP telephony, companies would "VoIP" within their corporate walls and then hit the PSTN for external calls.
Today, things are different. Communications tools have moved to the cloud and businesses use the Internet for connectivity. Also, some of the newer kinds of communications tools, such as team collaboration apps, enable workers to collaborate more easily with people external to their company. The old way was to have internal-facing apps on a closed network. Now we have external-facing apps on a public network, and this changes the security paradigm for communications.
Symphony Communications is a team collaboration vendor that has made security a core differentiator. It did this out of necessity as its primary focus is the financial services, insurance, professional services, and other critical and vital industries with strict security and regulatory compliance mandates. This week, it announced it has added native data loss prevention (DLP) to its product to help its customers protect against data leakage and fraud.
Symphony's product includes native DLP that provides real-time scanning of file attachments and other metadata. Through a dashboard or through APIs, customers can define and manage policies at a company or individual level. This is complementary to the current rich set of administrative, security, and compliance capabilities built into its product. The addition of DLP gives employees, business leaders, and risk officers confidence that sensitive information isn't being leaked outside the company walls.
To understand how DLP might protect an organization better, consider the example of a set of executives working on multiple documents -- some marked confidential and others that are fine for public consumption. A marketing person wants to take one of the public-facing documents, perhaps a press release, and send it to a reporter. However, they accidently try and send one of the confidential docs. Most systems would just send it, but Symphony's would see it was confidential and block the transmission.
DLP as a Competitive Differentiator
I believe the integrated and native DLP is currently unique to Symphony. Cisco, the only other team collaboration vendor that talks up security, has DLP capabilities but that's done by having the Webex Events API poll for events and content which then need to be integrated with an external DLP system. This approach works but does require integration of platforms.
Slack also has DLP, but that's done via a third-party vendor, Watchtower.ai. It's my understanding that Watchtower currently isn't real-time DLP (that capability is coming in the future). Also, because customer data is sent between cloud providers, Slack has no control over whether Watchtower decrypts the data in the cloud. Symphony has talked up the importance of end-to-end security and provides a great example of how an integrated solution can deliver end to end, where the use of a third-party vendor could break that.
In fact, I recently attended an event where renowned hacker Kevin Mitnick was speaking, and he was asked what he feels is the biggest security risk facing companies today. His response? Cloud federation. It's great that Slack has a large list of partners for security, but each time the data is sent to another cloud provider control is lost and security is compromised.
Microsoft recently announced native DLP for its Teams product, but said DLP would come in a future release. No firm time table was given. Although Slack beat Microsoft to market with the feature, I believe the native approach makes more sense long term.
Symphony's end-to-end encryption model with native DLP is ideally suited for companies that are using team collaboration to share sensitive or confidential information. But the range of cyber threats continues to explode and all businesses should be careful when using a collaboration platform that has security as an afterthought. This might have been sufficient in the past, but it certainly isn't now.
Follow Zeus Kerravala on Twitter!